Re: Topic: Inter-AS BGP Local Preference Matrix
On Fri, 29 Oct 2010 09:55:06 PDT, Rettke, Brian said:

> It's obviously something that each of us would need to do individually, but I'm wondering if there is any way this could become a de facto standard, or could be a method that the community at large could enforce somehow.

Alice's Restaurant. If one customer asks for it, if two ask for it, if 50 ask for it...

Just put your requirements into the RFP, and make it clear your $$ are going to the outfit that does the best on your list of 6 requirements. Remind the losers of this. Get 49 of your friends to put it in RFP's too.

The providers are *not* going to do something like this unless there's a good economic basis for doing it.
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On Thu, 21 Oct 2010 19:21:41 PDT, George Bonser said:

> With v6, while changing prefixes is easy for some gear, other gear is not so easy. If you number your entire network in Provider A's space, you might have more trouble renumbering into Provider B's space because now you have to change your DHCP ranges, probably visit printers, fax machines, wireless gateways, etc. and renumber those, etc. And some production boxes that you might have in the office data center are probably best left at a static IP address, particularly if they are fronted by a load balancer where their IP is manually configured.

If Woody had gone straight to a ULA prefix, this would never have happened...

If a site is numbering their internal IPv4 stuff to avoid having to renumber on a provider change, then why would they number their IPv6 stuff from provider space rather than ULA space?

And remember - (a) IPv6 allows machine to easily support multiple addresses and (b) if you have a provider address and a ULA, changing providers only means renumbering a *partial* renumber of the hosts that require external visibility - your internal hosts can continue talking to each other on a ULA as if nothing happened. Sure beats the mayhem if your company buys an organization and the 1918 spaces the 2 groups use overlap... Yee-hah. ;)
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On Sun, Oct 31, 2010 at 12:31 PM, Owen DeLong o...@delong.com wrote: On Oct 31, 2010, at 7:22 AM, valdis.kletni...@vt.edu wrote: On Thu, 21 Oct 2010 19:21:41 PDT, George Bonser said: With v6, while changing prefixes is easy for some gear, other gear is not so easy. If you number your entire network in Provider A's space, you might have more trouble renumbering into Provider B's space because now you have to change your DHCP ranges, probably visit printers, fax machines, wireless gateways, etc. and renumber those, etc. And some production boxes that you might have in the office data center are probably best left at a static IP address, particularly if they are fronted by a load balancer where their IP is manually configured. If Woody had gone straight to a ULA prefix, this would never have happened... Or better yet, if Woody had gone straight to PI, he wouldn't have this problem, either. ula really never should an option... except for a short lived lab, nothing permanent.
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On 10/31/2010 9:31 AM, Owen DeLong wrote: Or better yet, if Woody had gone straight to PI, he wouldn't have this problem, either. And he can justify PI when he first deploys IPv6 with a single provider under which policy? (Assume he is in the ARIN region and that his IPv4 space is currently provider-assigned from a couple of different providers and he's using NAT to do his IPv4 failover management) 1. Quite possibly does not qualify for an IPv4 assigned under the current IPv4 policy (certainly not in a few more months, when *nobody* will qualify except for some transition-space requests) 2. Definitely can't show efficient utilization of all direct IPv4 assignments, as he has none. 3. He's not a community network. So he can't go straight to PI. He either needs to go PA with the first provider, then through renumbering pain (which he knows all too well about from IPv4, and none of the problems like change the address of the intranet wiki server in the internal DNS servers change with IPv6), or use something internal like ULA for things he doesn't want to renumber. If a site is numbering their internal IPv4 stuff to avoid having to renumber on a provider change, then why would they number their IPv6 stuff from provider space rather than ULA space? Which gains what vs. PI? Nothing, but PI isn't available to him. See above. And remember - (a) IPv6 allows machine to easily support multiple addresses and (b) if you have a provider address and a ULA, changing providers only means renumbering a *partial* renumber of the hosts that require external visibility - your internal hosts can continue talking to each other on a ULA as if nothing happened. If you have PI space, changing providers can be even easier and you can leave multiple providers running in parallel. That's a big IF, given the above. 
He doesn't qualify for PI space, thanks to ARIN policies set by people who want routing tables to stay as small as possible, so PI space to be as difficult as possible to obtain for people like him. Matthew Kaufman
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On Sun, Oct 31, 2010 at 10:26 AM, Matthew Kaufman matt...@matthew.at wrote: On 10/31/2010 9:31 AM, Owen DeLong wrote: If you have PI space, changing providers can be even easier and you can leave multiple providers running in parallel. That's a big IF, given the above. He doesn't qualify for PI space, thanks to ARIN policies set by people who want routing tables to stay as small as possible, so PI space to be as difficult as possible to obtain for people like him. Would it help if ARIN's policies were changed to allow anyone and everyone to obtain PI space directly from them (for the appropriate fee, of course), and then it was left up to the operating community to decide whether or not to route the smaller chunks of space? Right now, we're trying to keep the two communities somewhat in alignment, so that when people obtain IP space, they have a relatively good feeling about it being routed correctly. If we let the ARIN policies stray too far from what the router operators can/will accept, we're going to end up with an ugly, fragmented internet in which organizations are given PI GUA space, only to discover it's not actually useful for reaching large swaths of the internet. I'd hazard a guess that people would consider that to be a worse scenario than the one in which we limit who can get PI space so that there's a reasonably good probability that when the space is issued and announced via BGP, it will be reachable from most of the rest of the internet...that is to say, our current modus operandi. Matthew Kaufman Matt
Management , Provisioning , Fault detection and management for ISPs?
Hi,

I'm looking for some books, best common practices and stuff like that for ISPs. We have an ISP that's having a fast growth and we're having some problems because of lack of procedures. For an example, two days ago we had a broadcast storm that caused a lot of problems and it was hard to find who was causing that issue, because one of our clients made a self install (not authorized, in one of our multipoint access points) and somehow caused a loop.

We have some types of circuit delivery to our customers like point to point licensed microwave, t1/e1, fiber optic, and point to multipoint wireless.

How do you large ISPs deal with that kind of problem, or does that never happen because all your circuits are delivered in a private vlan, qinq, serial interfaces, point to point?

Thanks!

--
Gustavo Santos
Network Analyst
CCNA, MTCNA, JUNCIA-ER
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On Oct 31, 2010, at 10:58 AM, Matthew Petach wrote: On Sun, Oct 31, 2010 at 10:26 AM, Matthew Kaufman matt...@matthew.at wrote: On 10/31/2010 9:31 AM, Owen DeLong wrote: If you have PI space, changing providers can be even easier and you can leave multiple providers running in parallel. That's a big IF, given the above. He doesn't qualify for PI space, thanks to ARIN policies set by people who want routing tables to stay as small as possible, so PI space to be as difficult as possible to obtain for people like him. Would it help if ARIN's policies were changed to allow anyone and everyone to obtain PI space directly from them (for the appropriate fee, of course), and then it was left up to the operating community to decide whether or not to route the smaller chunks of space? I really don't expect this to be as much of an issue in IPv6. Right now, we're trying to keep the two communities somewhat in alignment, so that when people obtain IP space, they have a relatively good feeling about it being routed correctly. If we let the ARIN policies stray too far from what the router operators can/will accept, we're going to end up with an ugly, fragmented internet in which organizations are given PI GUA space, only to discover it's not actually useful for reaching large swaths of the internet. PI GUA is at least as useful in that context as ULA. I'd hazard a guess that people would consider that to be a worse scenario than the one in which we limit who can get PI space so that there's a reasonably good probability that when the space is issued and announced via BGP, it will be reachable from most of the rest of the internet...that is to say, our current modus operandi. Not if they are turning to ULA. Owen
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On Oct 31, 2010, at 6:45 AM, Christopher Morrow wrote:

>>> If Woody had gone straight to a ULA prefix, this would never have happened...
>>
>> Or better yet, if Woody had gone straight to PI, he wouldn't have this problem, either.
>
> ula really never should an option... except for a short lived lab, nothing permanent.

Seems to me the options are:

1) PI, resulting in no renumbering costs, but RIR costs and routing table bloat
2) PA w/o ULA, resulting in full site renumbering cost, no routing table bloat
3) PA w/ ULA, resulting in externally visible-only renumbering cost, no routing table bloat

Folks appear to have voted with their feet that (2) isn't really viable -- they got that particular T-shirt with IPv4 and have been uniformly against getting the IPv6 version, at least as far as I can tell.

My impression (which may be wrong) is that with respect to (1), a) most folks can't justify a PI request to the RIR, b) most folks don't want to deal with the RIR administrative hassle, c) most ISPs would prefer to not have to replace their routers.

That would seem to leave (3). Am I missing an option?

Regards,
-drc
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On Oct 31, 2010, at 9:01 AM, Owen DeLong wrote: Would it help if ARIN's policies were changed to allow anyone and everyone to obtain PI space directly from them (for the appropriate fee, of course), and then it was left up to the operating community to decide whether or not to route the smaller chunks of space? I really don't expect this to be as much of an issue in IPv6. Why would the commercial interests that have driven ISPs to remove long prefix length filters in IPv4 not apply to IPv6? Regards, -drc
RE: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 -Unique local addresses)
Seems to me the options are: 1) PI, resulting in no renumbering costs, but RIR costs and routing table bloat 2) PA w/o ULA, resulting in full site renumbering cost, no routing table bloat 3) PA w/ ULA, resulting in externally visible-only renumbering cost, no routing table bloat In my particular case, IPv6 offers no advantage when it comes to renumbering. It is just exactly as difficult to renumber with v6 as it is with v4. I do understand that in a lot of cases where end nodes are autoconfiguring based on RA it makes it easy but in many places that really isn't an option.
Re: Mystery open source switching company claims top-of-rack price edge (was Re: Pica8 - Open Source Cloud Switch)
Hi,

On Sat, Oct 30, 2010 at 11:26 PM, Kevin Oberman ober...@es.net wrote:

> I might also mention that I received private SPAM from a name we all know and loathe. (Hint: He's been banned from NANOG for VERY good reason and his name is of French derivation.) I just added a filter to block any mail mentioning pica8 and will see no more of this thread or their spam.

Same here. He harvests email addresses from peeringdb. (I have slight typos in my peeringdb record to recognize harvested spams.)

Bas
Re: Optical Wireless
Hello, Canon. Canobeam laser systems. Very nice, very fast. I've heard of installations going around a mile and stayed up in a snow storm. We swapped out our Canobeams a while ago for units by Bridgewave (http://www.bridgewave.com/) Eric :)
Re: Mystery open source switching company claims top-of-rack price edge (was Re: Pica8 - Open Source Cloud Switch)
I don't know what the big deal is. I've rolled at least 20 of these switches into my network, and not only are they more stable than the Centillion switches that they replaced, they only cost half as much. Most of the money I dropped was on converting my stations from token ring to ethernet.

On Sun, Oct 31, 2010 at 6:59 PM, bas kilo...@gmail.com wrote:

> Hi,
>
> On Sat, Oct 30, 2010 at 11:26 PM, Kevin Oberman ober...@es.net wrote:
>
>> I might also mention that I received private SPAM from a name we all know and loathe. (Hint: He's been banned from NANOG for VERY good reason and his name is of French derivation.) I just added a filter to block any mail mentioning pica8 and will see no more of this thread or their spam.
>
> Same here. He harvests email addresses from peeringdb. (I have slight typos in my peeringdb record to recognize harvested spams.)
>
> Bas
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 -Unique local addresses)
On Sun, Oct 31, 2010 at 2:01 PM, George Bonser gbon...@seven.com wrote: ula really never should an option... except for a short lived lab, nothing permanent. I have a few candidate networks for it. Mostly networks used for clustering or database access where they are just a flat LAN with no gateway. No layer 3 gets routed off that subnet and the only things talking on it are directly attached to it. why not just use link-local then? eventually you'll have to connect that network with another one, chances of overlap (if the systems support real revenue) are likely too high to want to pay the renumbering costs, so even link-local isn't a 100% win :( globally-unique is really the best option all around. -chris
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On Sun, Oct 31, 2010 at 3:10 PM, David Conrad d...@virtualized.org wrote:

> On Oct 31, 2010, at 6:45 AM, Christopher Morrow wrote:
>
>>>> If Woody had gone straight to a ULA prefix, this would never have happened...
>>>
>>> Or better yet, if Woody had gone straight to PI, he wouldn't have this problem, either.
>>
>> ula really never should an option... except for a short lived lab, nothing permanent.
>
> Seems to me the options are:
>
> 1) PI, resulting in no renumbering costs, but RIR costs and routing table bloat
> 2) PA w/o ULA, resulting in full site renumbering cost, no routing table bloat
> 3) PA w/ ULA, resulting in externally visible-only renumbering cost, no routing table bloat
>
> Folks appear to have voted with their feet that (2) isn't really viable -- they got that particular T-shirt with IPv4 and have been uniformly against getting the IPv6 version, at least as far as I can tell.
>
> My impression (which may be wrong) is that with respect to (1), a) most folks can't justify a PI request to the RIR, b) most folks don't want to deal with the RIR administrative hassle, c) most ISPs would prefer to not have to replace their routers.
>
> That would seem to leave (3). Am I missing an option?

I don't think so, though I'd add 2 bits to your 1 and 3 options:

1) we ought to make getting PI easy, easy enough that the other options just don't make sense.
2) ULA brings with it (as do any options that include multiple addresses) host-stack complexity and address-selection issues... 'do I use ULA here or GUA when talking to the remote host?'

-chris
RE: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 -Unique local addresses)
why not just use link-local then? eventually you'll have to connect that network with another one, chances of overlap (if the systems support real revenue) are likely too high to want to pay the renumbering costs, so even link-local isn't a 100% win :( globally-unique is really the best option all around. -chris Routing mostly on the end host is why. If I have 10 clustering vlans (which will never get routed outside the cluster) and they all have the same link local address (if the vlan interfaces are configured on the same ethernet device, they will all have the same link local address), how do they know which vlan interface to send the packet out? All of them will have exactly the same link local address. And I have an aversion to putting link local IPs in DNS as everyone thinks the hostname is on the local link in case of some kind of dns screwup.
Re: Bandwidth into Haiti
> Has the landing station been repaired yet after last year's earthquake?

Yes. It's now in operation.

-M
Re: Mystery open source switching company claims top-of-rack price edge (was Re: Pica8 - Open Source Cloud Switch)
Hi Paul, On Mon, Nov 1, 2010 at 2:07 AM, Paul WALL pauldotw...@gmail.com wrote: I don't know what the big deal is. I've rolled at least 20 of these switches into my network, and not only are they more stable than the Centillion switches that they replaced, they only cost half as much. Most of the money I dropped was on converting my stations from token ring to ethernet. All of the people that responded to this thread are not complaining about the hardware. They are complaining about Guillaume's spam strategy. Other than that are you comparing apples to apples when you compare Nortel ATM switches (with EOL somewhere in 2004) with new ethernet hardware? Bas
Re: Mystery open source switching company claims top-of-rack price edge (was Re: Pica8 - Open Source Cloud Switch)
On 10/31/2010 10:25 PM, bas wrote: Other than that are you comparing apples to apples when you compare Nortel ATM switches (with EOL somewhere in 2004) with new ethernet hardware? Nortel Centillion... had a cold chill run up my spine just thinking back about it... shadows of Synoptics... and Bay... sheesh... :-) Is this a commemorative Scary Halloween Ghost story? Watch y'er language folks :-) Jeff
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 -Unique local addresses)
In message aanlktimsb6uj-jpoglg08q-rzdub-+c9c5kmzcktq...@mail.gmail.com, Christopher Morrow writes:

> On Sun, Oct 31, 2010 at 2:01 PM, George Bonser gbon...@seven.com wrote:
>
>>> ula really never should an option... except for a short lived lab, nothing permanent.
>>
>> I have a few candidate networks for it. Mostly networks used for clustering or database access where they are just a flat LAN with no gateway. No layer 3 gets routed off that subnet and the only things talking on it are directly attached to it.
>
> why not just use link-local then?

If you had actually ever tried to use link-local then you would know why you don't use link-local.

> eventually you'll have to connect that network with another one, chances of overlap (if the systems support real revenue) are likely too high to want to pay the renumbering costs, so even link-local isn't a 100% win :( globally-unique is really the best option all around.

2^40 is 1099511627776. The chances of collision are so low that one really shouldn't worry about it. You are millions of times more likely of dying from an asteroid 1-in-500,000[1]. If you merge thousands of ULA and don't consolidate then you start to have a reasonable chance of collision.

Even if you do have colliding ULA prefixes you don't necessarily have colliding subnets when merging companies. Just allocate subnet randomly. It's not like 2^16 internal subnets is going to be a major routing problem.

Mark

[1] http://www.livescience.com/environment/050106_odds_of_dying.html

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
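
Added example, not part of the message above or of the original thread: the two probabilities that message reasons about, computed for any number of merged sites (the chance that randomly chosen 40-bit ULA Global IDs collide, and the chance that two sites sharing a /48 also picked overlapping subnet IDs out of 2^16). The function names, the sample site counts, and the use of `secrets.randbits` to draw the Global ID are assumptions made for this illustration.

```python
import ipaddress
import math
import secrets

GLOBAL_ID_BITS = 40   # random Global ID of a ULA /48: 2^40 possible values
SUBNET_ID_BITS = 16   # subnet IDs inside one /48: 2^16 possible /64s
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")  # locally assigned half of fc00::/7


def random_ula_prefix() -> ipaddress.IPv6Network:
    """Draw a ULA /48 with a uniformly random Global ID (assumption: CSPRNG draw)."""
    global_id = secrets.randbits(GLOBAL_ID_BITS)
    # Layout: 8-bit prefix 0xfd | 40-bit Global ID | 16-bit subnet | 64-bit IID
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def prefix_collision_probability(sites: int, bits: int = GLOBAL_ID_BITS) -> float:
    """P(at least two of `sites` independently drawn random IDs are equal)."""
    space = 2 ** bits
    if sites < 2:
        return 0.0
    if sites > space:
        return 1.0
    # log P(all distinct) = sum_{i=1}^{n-1} log(1 - i/space); log1p/expm1 keep
    # precision when the answer is around 1e-12.
    log_unique = sum(math.log1p(-i / space) for i in range(1, sites))
    return -math.expm1(log_unique)


def subnet_overlap_probability(a: int, b: int, bits: int = SUBNET_ID_BITS) -> float:
    """P(two sites sharing one /48 picked at least one common subnet ID).

    Site A uses `a` distinct random subnet IDs, site B uses `b`.
    """
    space = 2 ** bits
    if a + b > space:
        return 1.0  # pigeonhole: the two sets cannot be disjoint
    p_disjoint = 1.0
    for i in range(b):
        # i-th subnet of B must avoid A's `a` IDs among the IDs B has not used yet
        p_disjoint *= (space - a - i) / (space - i)
    return 1.0 - p_disjoint


if __name__ == "__main__":
    print("sample prefix:", random_ula_prefix())
    for n in (2, 100, 1_000, 10_000, 100_000):  # constructed sample sizes
        p = prefix_collision_probability(n)
        print(f"{n:>7} merged sites -> P(any /48 collision) = {p:.3e}")
    for used in (10, 100, 1_000):
        p = subnet_overlap_probability(used, used)
        print(f"{used:>5} random subnets per site -> P(subnet overlap) = {p:.3e}")
```
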
Re: Mystery open source switching company claims top-of-rack price edge (was Re: Pica8 - Open Source Cloud Switch)
On Oct 31, 2010, at 19:25, bas kilo...@gmail.com wrote: Hi Paul, On Mon, Nov 1, 2010 at 2:07 AM, Paul WALL pauldotw...@gmail.com wrote: I don't know what the big deal is. I've rolled at least 20 of these switches into my network, and not only are they more stable than the Centillion switches that they replaced, they only cost half as much. Most of the money I dropped was on converting my stations from token ring to ethernet. All of the people that responded to this thread are not complaining about the hardware. They are complaining about Guillaume's spam strategy. Other than that are you comparing apples to apples when you compare Nortel ATM switches (with EOL somewhere in 2004) with new ethernet hardware? DJ Paul Wall only recently upgraded from FDDI... Bas
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
On Oct 31, 2010, at 12:12 PM, David Conrad wrote: On Oct 31, 2010, at 9:01 AM, Owen DeLong wrote: Would it help if ARIN's policies were changed to allow anyone and everyone to obtain PI space directly from them (for the appropriate fee, of course), and then it was left up to the operating community to decide whether or not to route the smaller chunks of space? I really don't expect this to be as much of an issue in IPv6. Why would the commercial interests that have driven ISPs to remove long prefix length filters in IPv4 not apply to IPv6? I don't expect the IPv6 routing table to be long enough to drive prefix filtration in the foreseeable future. Owen
Re: Mystery open source switching company claims top-of-rack price edge (was Re: Pica8 - Open Source Cloud Switch)
Other than that are you comparing apples to apples when you compare Nortel ATM switches (with EOL somewhere in 2004) with new ethernet hardware? arista rulz tos